A significant challenge for firms regulated by the UK Financial Conduct Authority (FCA) is establishing and maintaining internal mechanisms to appropriately manage the regulatory risk pertaining to their business activities.
There is a huge volume of regulatory requirements. The FCA Handbook is divided into 54 ‘sourcebooks’; many of these comprise hundreds of pages. There is also relevant legislation that is not included in the FCA Handbook, including legacy EU regulations which had direct effect (and continue to apply) in the UK. Firms have the unenviable task of working out which parts of the regulatory framework applies to them, and which elements should be prioritised.
The FCA seeks to provide guidance to firms on how to do this. Via publications and speeches, it frequently signals its regulatory priorities. Over the past 12 months, two general themes have emerged. The first is that Covid-19 has changed the regulatory risk profile of most (it not all) FCA regulated firms, and it expects such firms to react accordingly. The second is that Covid-19 should not cause firms to lower their standards; notwithstanding additional challenges faced by firms due to the pandemic.
As well as providing guidance, the FCA supervises firms and it can direct firms to correct deficiencies – which can be a costly and time-consuming task. It also has significant enforcement powers. For instance, it can sanction both firms and individuals within firms, and bring criminal prosecutions.
There are various specific regulatory topics that have been recently highlighted by the FCA. These include:
Market abuse is concerned with unlawful behaviour on the financial markets, and includes insider dealing and market manipulation.
Firms are expected to maintain, and update as applicable, a market abuse risk assessment, and to put in place additional measures such as processes to identify actual instances of market abuse, restricted lists/insider lists, information barriers, personal account dealing rules and recording telephone lines.
The increased market volatility at the start of the lock-down prompted the FCA to comment on the correlation between such volatility and market abuse risk.
More recently, the ‘GameStop incident’ has prompted commentators to consider the linkage between social media forums and market manipulation.
At any one time, the FCA is investigating hundreds of potential instances of market abuse. As recently as last Thursday 04 March 2021 the FCA sanctioned a proprietary trader for ‘wash trading’ (a type of market manipulation). In February 2021 the FCA instigated two separate criminal prosecutions for insider dealing. In December 2020 the FCA sanctioned a hedge fund portfolio manager for market manipulation. On that occasion the wrongdoing was identified by the FCA’s internal surveillance systems.
The FCA has also sanctioned firms for having inadequate market abuse systems and controls.
Financial crime includes money laundering, terrorist financing, bribery and fraud. Covid-19 has made it more difficult to monitor instances of financial crime, due to remote working. There are increased opportunities for criminals to exploit weaknesses in a firm’s anti-financial crime systems and controls framework.
Financial crime is an important regulatory topic, due to the adverse impact of such crimes on wider society, and the significant number of ways that the financial services industry could be used as a conduit for such crimes. There is also a risk to individuals within the industry due to the various criminal offences that they could commit. (For example, one does not need to be an actual money launderer in order to commit a money laundering criminal offence!)
The FCA therefore expects firms to react to the challenges posed by Covid-19, for example, ensuring that customer due diligence processes remain fit-for-purpose.
Cyber security was a regulatory ‘hot topic’ pre-Covid-19; the pandemic has served to further increase cyber security risks.
This is in part due to the increased prevalence of remote working, leading to difficulties in setting and reviewing security protocols. Anecdotally, there are more ‘cyber criminals’ in part since other criminal activity has become unavailable to them, due to lockdowns.
It has become vitally important for individuals to identify the main types of cyber security risks and to take appropriate action.
Conduct, culture and accountability
The regulatory initiative to improve standards of conduct and culture, and to revise the parameters of individual accountability, is long-standing. For most FCA authorised firms, a watershed moment was the implementation of the Senior Managers and Certification Regime (SMCR) in December 2019. Among other things, SMCR sets a framework of accountability for senior managers and for the first time creates a code of conduct for almost all individuals working in the financial services industry.
Certain aspects of SMCR are subject to a transitional phase which expires on 31 March 2021. Thereafter, the regulatory expectation is that firms will have implemented SMCR in full. Arguably, the transitional phase has also been a ‘grace period’, to enable firms to get to grips with the new regime. However, given the importance that the FCA is placing on individual conduct and accountability, it’s anticipated that the FCA supervisory effort will now shift its focus to SMCR, and enforcement action could follow.
At RQC Group, we recognise the importance of empowering the industry with the tools to mitigate against the risks associated with these regulatory topics highlighted by the FCA, by providing cost-effective and scalable CPD-certified e-Learning courses across all of SMCR, Anti-Money Laundering, Market Abuse, Anti-Bribery and Cyber Security – click here if you’d like access to our Free Demo courses.